WO2006107542A3 - System and method for achieving machine authentication without maintaining additional credentials - Google Patents
- Publication number
- WO2006107542A3 (application PCT/US2006/009195)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- machine
- authentication
- supplicant
- server
- pac
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
Abstract
A Machine Authentication PAC (Protected Access Credential) serves as the machine's credential for obtaining network access without requiring the server to store and manage an additional set of credentials. The first time authentication is performed, user authentication is executed. After the supplicant and server have mutually authenticated each other and satisfied other validations, the supplicant requests a Machine Authentication PAC from the server. The server randomly generates a cryptographic key (the Device Key) and sends it to the supplicant along with an encrypted ticket that comprises the Device Key and other information and is encrypted with a key known only to the server. The supplicant caches the Machine Authentication PAC in its non-volatile memory for future use. When the machine needs to access certain network services before a user is available, the supplicant uses the Machine Authentication PAC to obtain authorization for limited network access for the machine, without requiring user input.
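The PAC provisioning and later machine login described in the abstract, as an added example that is not the patent's own code: the ticket is sealed under keys held only by the server (an HMAC-SHA256 counter-mode keystream plus an HMAC tag, an illustrative stand-in for a real AEAD such as AES-GCM), the Device Key is handed to the supplicant, and a later pre-user login proves possession of the Device Key against the ticket while the server keeps no per-machine credential. Message formats, the expiry field and the challenge-response step are assumptions.

```python
import hashlib, hmac, json, os, time

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a stand-in keystream; a real build would use an AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

class Server:
    def __init__(self):
        # Ticket keys are known only to the server; no per-machine credential is stored anywhere.
        self.enc_key, self.mac_key = os.urandom(32), os.urandom(32)

    def issue_pac(self, machine_id, lifetime=3600):
        # Called only after user auth and mutual auth succeeded; returns (Device Key, encrypted ticket).
        device_key = os.urandom(32)
        body = json.dumps({"machine": machine_id, "key": device_key.hex(), "exp": time.time() + lifetime}).encode()
        nonce = os.urandom(NONCE_LEN)
        ct = bytes(x ^ y for x, y in zip(body, _keystream(self.enc_key, nonce, len(body))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return device_key, nonce + ct + tag

    def open_ticket(self, ticket):
        # Verify the tag before decrypting; reject expired tickets. Returns the ticket body or None.
        nonce, ct, tag = ticket[:NONCE_LEN], ticket[NONCE_LEN:-TAG_LEN], ticket[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()):
            return None
        info = json.loads(bytes(x ^ y for x, y in zip(ct, _keystream(self.enc_key, nonce, len(ct)))))
        return None if info["exp"] < time.time() else info

    def authenticate_machine(self, ticket, challenge, response):
        # Machine login: recover the Device Key from the ticket, then check the challenge response with it.
        info = self.open_ticket(ticket)
        if info is None:
            return None
        expected = hmac.new(bytes.fromhex(info["key"]), challenge, hashlib.sha256).digest()
        return info["machine"] if hmac.compare_digest(expected, response) else None

def supplicant_respond(pac, challenge):
    # pac = (Device Key, ticket); the design keeps it in the supplicant's non-volatile memory.
    device_key, ticket = pac
    return ticket, hmac.new(device_key, challenge, hashlib.sha256).digest()

def machine_login(server, pac):
    # Pre-user network access: the server challenges, the supplicant answers with its cached PAC.
    challenge = os.urandom(16)
    ticket, response = supplicant_respond(pac, challenge)
    return server.authenticate_machine(ticket, challenge, response)
```

A login still needs the Device Key that only the provisioned supplicant holds, so a copied ticket alone, a tampered ticket, or an expired one is rejected before any access is granted.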
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06738276.2A EP1869820B1 (en) | 2005-04-04 | 2006-03-15 | System and method for achieving machine authentication without maintaining additional credentials |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/098,637 | 2005-04-04 | | |
US11/098,637 US7640430B2 (en) | 2005-04-04 | 2005-04-04 | System and method for achieving machine authentication without maintaining additional credentials |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006107542A2 WO2006107542A2 (en) | 2006-10-12 |
WO2006107542A3 (en) | 2007-11-22 |
Family
ID=37072015
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2006/009195 WO2006107542A2 (en) | 2005-04-04 | 2006-03-15 | System and method for achieving machine authentication without maintaining additional credentials |
Country Status (3)
Country | Link |
---|---|
US (1) | US7640430B2 (en) |
EP (1) | EP1869820B1 (en) |
WO (1) | WO2006107542A2 (en) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8123616B2 (en) | 2003-03-25 | 2012-02-28 | Igt | Methods and apparatus for limiting access to games using biometric data |
US7867083B2 (en) * | 2003-03-25 | 2011-01-11 | Igt | Methods and apparatus for limiting access to games using biometric data |
US7828652B2 (en) | 2004-02-12 | 2010-11-09 | Igt | Player verification method and system for remote gaming terminals |
FR2887723A1 (en) * | 2005-06-28 | 2006-12-29 | France Telecom | METHOD FOR OBTAINING CONFIGURATION DATA FOR A TERMINAL USING THE DHCP PROTOCOL |
US8402525B1 (en) | 2005-07-01 | 2013-03-19 | Verizon Services Corp. | Web services security system and method |
US8200191B1 (en) * | 2007-02-08 | 2012-06-12 | Clearwire IP Holdings | Treatment of devices that fail authentication |
US8201231B2 (en) * | 2007-02-21 | 2012-06-12 | Microsoft Corporation | Authenticated credential-based multi-tenant access to a service |
US8510808B2 (en) | 2008-01-08 | 2013-08-13 | Microsoft Corporation | Associating computing devices with common credentials |
US7689700B2 (en) * | 2008-01-08 | 2010-03-30 | Microsoft Corporation | Configuration of a peer group |
US8635670B2 (en) * | 2008-05-16 | 2014-01-21 | Microsoft Corporation | Secure centralized backup using locally derived authentication model |
US20100083358A1 (en) * | 2008-09-29 | 2010-04-01 | Perfios Software Solutions Pvt. Ltd | Secure Data Aggregation While Maintaining Privacy |
US8490871B1 (en) * | 2011-04-28 | 2013-07-23 | Amazon Technologies, Inc. | Method and system for product restocking using machine-readable codes |
US8924711B2 (en) * | 2012-04-04 | 2014-12-30 | Zooz Mobile Ltd. | Hack-deterring system for storing sensitive data records |
US9077772B2 (en) | 2012-04-20 | 2015-07-07 | Cisco Technology, Inc. | Scalable replay counters for network security |
US8800010B2 (en) | 2012-04-20 | 2014-08-05 | Cisco Technology, Inc. | Distributed group temporal key (GTK) state management |
US9208295B2 (en) | 2012-10-16 | 2015-12-08 | Cisco Technology, Inc. | Policy-based control layer in a communication fabric |
US9378274B2 (en) | 2013-06-10 | 2016-06-28 | Cisco Technology, Inc. | Object filtering in a computing network |
CN103825742A (en) * | 2014-02-13 | 2014-05-28 | 南京邮电大学 | Authentication key agreement method applicable to large-scale sensor network |
WO2017048278A1 (en) * | 2015-09-18 | 2017-03-23 | Longsand Limited | Communicate with server using credential |
US20170140134A1 (en) * | 2015-11-16 | 2017-05-18 | Welch Allyn, Inc. | Medical device user caching |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5757920A (en) * | 1994-07-18 | 1998-05-26 | Microsoft Corporation | Logon certification |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6088451A (en) * | 1996-06-28 | 2000-07-11 | Mci Communications Corporation | Security system and method for network element access |
US6189100B1 (en) * | 1998-06-30 | 2001-02-13 | Microsoft Corporation | Ensuring the integrity of remote boot client data |
US7257836B1 (en) * | 2000-04-24 | 2007-08-14 | Microsoft Corporation | Security link management in dynamic networks |
US7580972B2 (en) * | 2001-12-12 | 2009-08-25 | Valve Corporation | Method and system for controlling bandwidth on client and server |
US7549048B2 (en) * | 2004-03-19 | 2009-06-16 | Microsoft Corporation | Efficient and secure authentication of computing systems |
- 2005
  - 2005-04-04 US US11/098,637 patent/US7640430B2/en active Active
- 2006
  - 2006-03-15 EP EP06738276.2A patent/EP1869820B1/en active Active
  - 2006-03-15 WO PCT/US2006/009195 patent/WO2006107542A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
EP1869820B1 (en) | 2019-05-08 |
EP1869820A4 (en) | 2014-12-10 |
EP1869820A2 (en) | 2007-12-26 |
US7640430B2 (en) | 2009-12-29 |
US20060224890A1 (en) | 2006-10-05 |
WO2006107542A2 (en) | 2006-10-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006107542A3 (en) | | System and method for achieving machine authentication without maintaining additional credentials |
EP2731043B1 (en) | | Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method |
CN1770688B (en) | | User authentication system and method |
US8549298B2 (en) | | Secure online service provider communication |
US20190205547A1 (en) | | Providing and checking the validity of a virtual document |
EP2420036B1 (en) | | Method and apparatus for electronic ticket processing |
US20050137889A1 (en) | | Remotely binding data to a user device |
US20120144472A1 (en) | | Fraud Detection |
WO2002073861A3 (en) | | Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys |
CN1987885A (en) | | Computer implemented method for securely acquiring a binding key and securely binding system |
CN105430014B (en) | | A kind of single-point logging method and its system |
CN101999125A (en) | | System and method for improving restrictiveness on accessing software applications |
CN104767731A (en) | | Identity authentication protection method of Restful mobile transaction system |
US8397281B2 (en) | | Service assisted secret provisioning |
JP2014508456A5 (en) | | |
CN101541002A (en) | | Web server-based method for downloading software license of mobile terminal |
RU2013140418A (en) | | SAFE ACCESS TO PERSONAL HEALTH RECORDS IN EMERGENCIES |
JP2006190175A (en) | | Rfid-use type authentication control system, authentication control method and authentication control program |
JP2011012511A (en) | | Electric lock control system |
EP1843274B1 (en) | | Digital rights management system |
US20080229433A1 (en) | | Digital certificate based theft control for computers |
US20070204167A1 (en) | | Method for serving a plurality of applications by a security token |
JP2009290508A (en) | | Electronized information distribution system, client device, server device and electronized information distribution method |
EP2920732B1 (en) | | Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method |
Avdyushkin et al. | | Secure location validation with wi-fi geo-fencing and nfc |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 2006738276; Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: RU |